From 99d9838b256ded8e59f85c93647ba5ec060b7145 Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Thu, 8 Apr 2010 19:53:31 +0000
Subject: Add static analyzer check for calls to 'pthread_once()' where the
 control-flow has automatic storage.  This matches the corresponding check for
 'dispatch_once()'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100803 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Checker/UnixAPIChecker.cpp | 45 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

(limited to 'lib/Checker/UnixAPIChecker.cpp')

diff --git a/lib/Checker/UnixAPIChecker.cpp b/lib/Checker/UnixAPIChecker.cpp
index d75e5d25c4..0c9a45f06f 100644
--- a/lib/Checker/UnixAPIChecker.cpp
+++ b/lib/Checker/UnixAPIChecker.cpp
@@ -24,6 +24,7 @@ namespace {
 class UnixAPIChecker : public CheckerVisitor<UnixAPIChecker> {
   enum SubChecks {
     OpenFn = 0,
+    PthreadOnceFn = 1,
     NumChecks
   };
 
@@ -109,6 +110,49 @@ static void CheckOpen(CheckerContext &C, const CallExpr *CE, BugType *&BT) {
   }
 }
 
+//===----------------------------------------------------------------------===//
+// pthread_once
+//===----------------------------------------------------------------------===//
+
+static void CheckPthreadOnce(CheckerContext &C, const CallExpr *CE,
+                             BugType *&BT) {
+
+  // This is similar to 'CheckDispatchOnce' in the MacOSXAPIChecker.
+  // They can possibly be refactored.
+
+  LazyInitialize(BT, "Improper use of 'pthread_once'");
+
+  if (CE->getNumArgs() < 1)
+    return;
+
+  // Check if the first argument is stack allocated.  If so, issue a warning
+  // because that's likely to be bad news.
+  const GRState *state = C.getState();
+  const MemRegion *R = state->getSVal(CE->getArg(0)).getAsRegion();
+  if (!R || !isa<StackSpaceRegion>(R->getMemorySpace()))
+    return;
+
+  ExplodedNode *N = C.GenerateSink(state);
+  if (!N)
+    return;
+
+  llvm::SmallString<256> S;
+  llvm::raw_svector_ostream os(S);
+  os << "Call to 'pthread_once' uses";
+  if (const VarRegion *VR = dyn_cast<VarRegion>(R))
+    os << " the local variable '" << VR->getDecl()->getName() << '\'';
+  else
+    os << " stack allocated memory";
+  os << " for the \"control\" value.  Using such transient memory for "
+  "the control value is potentially dangerous.";
+  if (isa<VarRegion>(R) && isa<StackLocalsSpaceRegion>(R->getMemorySpace()))
+    os << "  Perhaps you intended to declare the variable as 'static'?";
+
+  EnhancedBugReport *report = new EnhancedBugReport(*BT, os.str(), N);
+  report->addRange(CE->getArg(0)->getSourceRange());
+  C.EmitReport(report);
+}
+
 //===----------------------------------------------------------------------===//
 // Central dispatch function.
 //===----------------------------------------------------------------------===//
@@ -147,6 +191,7 @@ void UnixAPIChecker::PreVisitCallExpr(CheckerContext &C, const CallExpr *CE) {
   const SubCheck &SC =
     llvm::StringSwitch<SubCheck>(FI->getName())
       .Case("open", SubCheck(CheckOpen, BTypes[OpenFn]))
+      .Case("pthread_once", SubCheck(CheckPthreadOnce, BTypes[PthreadOnceFn]))
       .Default(SubCheck());
 
   SC.run(C, CE);
-- 
cgit v1.2.3-70-g09d2